Skip to content

fix: use wildcard for allowed_bots in claude-code-action#42

Merged
Dorac merged 2 commits into
masterfrom
fix/dependabot-allowed-bots-wildcard
Jun 18, 2026
Merged

fix: use wildcard for allowed_bots in claude-code-action#42
Dorac merged 2 commits into
masterfrom
fix/dependabot-allowed-bots-wildcard

Conversation

@Dorac

@Dorac Dorac commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Summary

  • dependabot's actual GitHub actor name is dependabot[bot] (with the [bot] suffix), so allowed_bots: dependabot didn't match
  • Switch to allowed_bots: '*' — safe since this reusable workflow is only ever called by Dependabot auto-merge flows

Test plan

  • Trigger a Dependabot PR in cp-crypto-swap and verify the auto-merge Claude step runs without the "non-human actor" error

🤖 Generated with Claude Code

dependabot's GitHub actor is dependabot[bot], not dependabot.
Use '*' to allow all bots — safe since this workflow is only
triggered by Dependabot PRs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Using '*' is overly permissive for an auto-merge pipeline with write
permissions. The correct GitHub actor name for Dependabot includes
the [bot] suffix: dependabot[bot].

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Dorac Dorac merged commit 6bc09a6 into master Jun 18, 2026
4 of 8 checks passed
@Dorac Dorac deleted the fix/dependabot-allowed-bots-wildcard branch June 18, 2026 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant